How Much Does a Forum Know About You?

Bob Leggitt | Sunday 16 September 2012
The title of this piece looks like a question with a very obvious answer. What kind of information about you can the administrator(s) of an Internet forum access? Pretty straightforward, you might think. They’ve got your IP address, the disposable email address you opened purely for signing up to forums, a bit of info about your computer and browser, and whatever crap you made up about your date of birth, location, etc. That’s it. Or is it? Well no, actually, it’s not.

What if I told you that a forum administration might have your phone number, your exact location (perhaps even your full and specific address), and they might know where you work? What if I said they might know your family situation, and have a rough idea of your income bracket? What if… well, what if I told you that the forum administration knows exactly what you look like?… Wouldn’t believe me? Well, you could be right of course, but that would depend on how privacy-conscious you are. Even in cases where a forum member has not filled in a single detail on their profile page, the administrators could feasibly have built a detailed dossier of info about them. How? Well, let’s start with an absolute mine of private information about forum users: the good old PM system…

One major mistake a vast number of forum users make is to assume that the administrators don’t (or can't) read people’s Private Messages. Of course, most administrators will say they don’t read users’ PMs, or that they only do it in extreme emergency circumstances (like when they suspect foul play). But in reality, they’re human beings. Inevitably, I believe, a high proportion of them will read private messages out of curiosity, because that’s human nature. Look at it like this: if you suddenly found you could access the PMs sent between other members of the forum(s) you use, without anyone finding out, would you read any of them? Be honest – you’d spend more time reading the PMs than the actual forum, wouldn’t you? If your answer is yes, then what makes the forum administrator(s) any different from you? They have the same curiosity as anyone else. Members aren't to know what they’re reading – why would they not satisfy their curiosity?

The fact that newspaper sales skyrocket when the editors print private information we're not supposed to know, is a testament to what we're all really like. We might pretend we're not nosey, but we'll all switch on the TV when a documentary promises to reveal secret info. Curiosity is a very powerful thing, and it's hard to resist.

There’s a very interesting thread about administrators reading PMs on the Admin Zone forum – a resource for forum administrators…

In my favourite post from the thread, a member states that 100% of the administrators they know to be running a particular type of forum, read their members' private messages for fun.

And if you read the thread for yourself on the main link above, you’ll see there’s plenty more where that came from. It’s admittedly an old thread, but human psychology never changes. One administrator near the start of the thread admits to reading PMs all the time and is criticised by others. But I’d guess the only difference between him and the bulk of those who claimed the moral high ground is that he was honest. You do get a sense that there were one or two bits of sanctimony going on here and there.

The discussion, incidentally, is punctuated by another administrator who, not having realised it was possible to read members’ PMs, is repeatedly trying to find out how to do it – even making his/her final request time-sensitive so as to prompt a faster response.

The lesson is: administrators WILL read users’ PMs. Not all administrators, but a lot of them. If you send messages, privately, to other members, including such details as your phone number, where you live, or maybe photos of yourself, then you need to budget for the fact that the forum has access to that information. Obviously the administrators don’t have time to sift and collate every member’s private messages, but if you’re interesting enough, and you make them curious, chances are they’ll want to find out more. And quite aside from the issue of personal information, this can unexpectedly catch you out. If, for example, the administration have upset you in some way, don’t think you can plot their downfall with other members via private message. The admins will probably be reading every word you say, and it should come as no surprise when you suddenly find yourself unable to use the site. They may not admit a reason for banning you, but then, in keeping with most forums’ terms and conditions, they probably won’t have to.


No. I would in any case be sceptical about any claims that administrators can’t read users’ PMs, but even if it’s true in a particular instance, that doesn’t shut down every avenue of data collection.

This is where we get into an even darker side of forum administration. Consider this: you set up ten accounts on a forum. The administrator recognises that your accounts belong to the same person, and they’re all banned. Serves you right. But what if the forum administrator sets up ten accounts?… Who’s gonna ban him? That’s right – no one. He’s the administrator. He can set up as many accounts as he likes and use them for any purpose he chooses. Be in no doubt whatsoever that some administrators have lots of fake accounts which masquerade as ordinary forum members. Often, these fake accounts are used fairly innocently in the early stages of life on a newly-established forum, to create the impression that there’s a lot of interest when in fact, there’s only a handful of real members.

But the fake accounts can survive in active use long after the forum has grown into a sizeable site - manipulating opinion, making sure the forum administration gets its own way. Among other things, these ‘sockpuppet’ accounts allow the administrators to make biased public statements (sometimes commercially biased) which would not be tolerated from someone supposedly operating an impartial board. With the biased statements apparently coming from a random member, the forum maintains its impression of impartiality, whilst perpetrating a clearly biased message.

That’s bad enough, but there’s also the potential for these same disguises to be used within the private messaging system. If someone befriends you on the forum, and starts to chat with you in more depth via PM, can you be sure that you’re not chatting with someone from the forum administration? Remember, however stringent the verification process on a given forum, there’s always at least one person who isn’t subject to that process: the administrator. If the administrator is a dodgy character, then you can’t rule anything out. Obviously, all forums are different. Some are run by people with a high level of integrity and a comprehensive understanding of privacy laws. Some are run by people with no integrity whatsoever, and whose idea of a privacy policy is a page that says “Section under construction”. A very large number of forums sit somewhere between those two extremes. In most cases, it’s almost impossible to tell exactly where.

So the advice is, by all means use the private messaging system if you want to, but recognise that everything you say can probably be read by those running the site. Recognise too, that this is not like sending stuff by a reputable email service, where those operating the service have been properly vetted. Anyone can set up a forum. They don’t have to go through a CRB check, and they don't even need to provide references. If you’re not very, very careful what you say in a private message, you could be giving your personal details to someone completely irresponsible, or worse. There’s even an allegation in the thread I linked to earlier, that one particular forum team were using information they obtained through reading private messages, to blackmail members. I’d guess something like that would be very rare, but do you want to take the risk?


What you say in posts can also tell the forum a lot about you. This probably sounds a bit silly, because in posts, you’re basically talking to the whole world. Why worry specifically about what the forum administration see in your posts?… Well, because to the wider world, you’re probably anonymous. To the forum administration, you may not be.

All most people see when you make a post is a username, perhaps an avatar… they don’t know who you are. If you want to express that you’ve got sexual problems, or something else of a sensitive nature, then even though you’re informing the world, you’re still keeping the matter confidential because you haven’t identified yourself. At least, not to outsiders. But the administrators may have your identity, and that massively changes the picture. You’re giving them information you’d probably even think twice about giving to a highly qualified and secrecy-sworn medical practitioner, and yet you don’t have a clue who these people are.

Another ‘blind spot’ with posting can be caused by the way interactivity works. At times, it feels like you’re talking to just one person. And as a seemingly one-to-one conversation progresses with no input from other people, the sense that you’re talking in public diminishes. There’s evidence that as forum (or networking site) members become more engrossed in public one-to-one exchanges, they can increasingly forget they’re posting publicly and begin to talk as they would in an offline one-to-one conversation. Little bits of information can start to slip out. With every post you make, it’s essential to remind yourself that you’re telling the world, and a forum administration who could know your identity – not just the member you happen to be chatting or debating with.


Okay, so here’s another fact which can shock the unaware… You’ve never sent a PM. You haven’t filled in a single box on your profile page, and you’ve never even made a post. But the forum administration are able to summarise your personality. How, in the name of Internet wizardry, can that possibly happen? Really simple – the Thank You button. Lots of forums have Thank You or Like buttons, and they seem very innocent. It’s true that these buttons are primarily designed to motivate people to post. Afterall, when people get thanked for posting things, they’re more likely to keep doing it. But Thank You buttons can also harvest information about the things you like or agree with, and can therefore, over a period of time, come to define your personality. And as Facebook can verify, the info collected about users through the use of Like buttons can build a pretty accurate idea of what they think and believe.

Of course, if you don’t draw attention to yourself on a forum, you’re much less likely to attract the interest of the administration and end up being monitored by them. But there’s always the future, and just because you’re going below the radar at the moment, it doesn’t mean you always will. However likely or unlikely it is that the forum administration will take a personal interest in you, clicking Thank You and Like buttons is giving away information about yourself. It’s not just between you and the person you’re thanking.

I suppose in the end you can morph this subject into a wider debate on social networking and the Internet in general. What people are really saying about themselves, versus what they think they’re saying. So often, there’s a serious mismatch between the two, and forum users, Web users, are divulging a lot more than they realise. But forum administrators should be regarded as a special case. Not the only special case, but a special case nonetheless. If they approached you in the street and asked you for the kind of info they can obtain through their sites, you’d probably call the police. Why give complete strangers your personal information purely because they happen to have opened a forum?

You can find more about forums in...